fix(cli): handle attributes of AWS::KMS::Key when hotswapping (#30112)

### Issue # (if applicable) Closes #25418. ### Reason for this change KMS Keys cannot be referenced in hotswappable resources. CDK complains that this is a limitation: ``` Could not perform a hotswap deployment, because the CloudFormation template could not be resolved: We don't support attributes of the 'AWS::KMS::Key' resource. This is a CDK limitation. Please report it at https://github.com/aws/aws-cdk/issues/new/choose. ``` ### Description of changes Add KMS keys to the supported list of resource attributes for hotswapping. ### Description of how you validated changes Tests ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
aws · May 9, 2024 · a1dcaa6 · a1dcaa6
1 parent 9def360
commit a1dcaa6
Show file tree

Hide file tree

Showing 2 changed files with 64 additions and 0 deletions.
diff --git a/packages/aws-cdk/lib/api/evaluate-cloudformation-template.ts b/packages/aws-cdk/lib/api/evaluate-cloudformation-template.ts
@@ -504,6 +504,7 @@ const RESOURCE_TYPE_ATTRIBUTES_FORMATS: { [type: string]: { [attribute: string]:
   'AWS::AppSync::GraphQLApi': { ApiId: appsyncGraphQlApiApiIdFmt },
   'AWS::AppSync::FunctionConfiguration': { FunctionId: appsyncGraphQlFunctionIDFmt },
   'AWS::AppSync::DataSource': { Name: appsyncGraphQlDataSourceNameFmt },
+  'AWS::KMS::Key': { Arn: stdSlashResourceArnFmt },
 };
 
 function iamArnFmt(parts: ArnParts): string {

diff --git a/packages/aws-cdk/test/api/hotswap/state-machine-hotswap-deployments.test.ts b/packages/aws-cdk/test/api/hotswap/state-machine-hotswap-deployments.test.ts
@@ -677,6 +677,69 @@ describe.each([HotswapMode.FALL_BACK, HotswapMode.HOTSWAP_ONLY])('%p mode', (hot
     });
   });
 
+  test('knows how to handle attributes of the AWS::KMS::Key resource', async () => {
+    // GIVEN
+    setup.setCurrentCfnStackTemplate({
+      Resources: {
+        Key: {
+          Type: 'AWS::KMS::Key',
+          Properties: {
+            Description: 'magic-key',
+          },
+        },
+        Machine: {
+          Type: 'AWS::StepFunctions::StateMachine',
+          Properties: {
+            DefinitionString: '{}',
+            StateMachineName: 'my-machine',
+          },
+        },
+      },
+    });
+    setup.pushStackResourceSummaries(
+      setup.stackSummaryOf('Key', 'AWS::KMS::Key', 'a-key'),
+    );
+    const cdkStackArtifact = setup.cdkStackArtifactOf({
+      template: {
+        Resources: {
+          Key: {
+            Type: 'AWS::KMS::Key',
+            Properties: {
+              Description: 'magic-key',
+            },
+          },
+          Machine: {
+            Type: 'AWS::StepFunctions::StateMachine',
+            Properties: {
+              DefinitionString: {
+                'Fn::Join': ['', [
+                  '{"KeyId":"',
+                  { Ref: 'Key' },
+                  '","KeyArn":"',
+                  { 'Fn::GetAtt': ['Key', 'Arn'] },
+                  '"}',
+                ]],
+              },
+              StateMachineName: 'my-machine',
+            },
+          },
+        },
+      },
+    });
+
+    // THEN
+    const result = await hotswapMockSdkProvider.tryHotswapDeployment(hotswapMode, cdkStackArtifact);
+
+    expect(result).not.toBeUndefined();
+    expect(mockUpdateMachineDefinition).toHaveBeenCalledWith({
+      stateMachineArn: 'arn:aws:states:here:123456789012:stateMachine:my-machine',
+      definition: JSON.stringify({
+        KeyId: 'a-key',
+        KeyArn: 'arn:aws:kms:here:123456789012:key/a-key',
+      }),
+    });
+  });
+
   test('does not explode if the DependsOn changes', async () => {
     // GIVEN
     setup.setCurrentCfnStackTemplate({